BIT-NIFI-2024-45477 Apache NiFi: Improper Neutralization of Input in Parameter Description

Apache NiFi 1.10.0 through 1.27.0 support a description field for Parameters in a Parameter Context configuration that is vulnerable to cross-site scripting. An authenticated user, authorized to configure a Parameter Context, can enter arbitrary JavaScript code, which the client browser will...

The vulnerability of the Linux operating system’s kernel’s media component, which allows a hacker to cause a service failure

The vulnerability of the Linux operating system’s kernel media component is related to defects in exception handling in the MODULEPARMDESC function. Exploiting this vulnerability can allow an attacker to cause a service failure...

Ruifang-tech Rebuild 代码注入漏洞

Ruifang-tech Rebuild is a zero-code, open-source and free enterprise management system from China Ruifang Ruifang-tech. A code injection vulnerability exists in Ruifang-tech Rebuild version 3.8.6, which stems from a misuse of the parameter description that can lead to cross-site scripting...

PT-2024-17803 · Unknown · Simple Admin Panel

Name of the Vulnerable Software and Affected Versions: code-projects Simple Admin Panel version 1.0 Description: A vulnerability was found in the Simple Admin Panel, affecting some unknown functionality of the file updateItemController.php. The manipulation of the argument p name/p desc leads to...

CVE-2022-34188

Jenkins Hidden Parameter Plugin 0.0.4 and earlier does not escape the name and description of Hidden Parameter parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...

CVE-2022-34194

Jenkins Readonly Parameter Plugin 1.0.0 and earlier does not escape the name and description of Readonly String and Readonly Text parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...

Jenkins Plugin Dynamic Extended Choice Parameter 跨站脚本漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is an application. Jenkins Plugin is an application that provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Dynamic Extended Choice Parameter Plugin version 1.0.1 and prior...

Jenkins JDK Parameter Plugin 跨站脚本漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is an application. Jenkins Plugin is an application that provides hundreds of plug-ins to support building, deploying, and automating any project. Jenkins JDK Parameter Plugin 1.0 and earlier versions have a cross-site...

Jenkins Git Parameter Plugin跨站脚本漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products. jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is an application.A cross-site scripting vulnerability exis...

Cross-site Scripting (XSS) - Stored in jonschoning/espial

Description Stored XSS in parameter description when add url Proof of Concept // PoC.request POST /api/add HTTP/2 Host: esp.ae8.org Cookie:...